Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Tenable.sc 5.14.0 updates jQuery to version 3.4.1 to address the identified vulnerabilities. Additionally, Tenable.sc 5.14.0 addresses a stored cross-site scripting (XSS) vulnerability specific to Microsoft Internet Explorer and Edge web browsers. The stored XSS could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue. (CVE-2020-5737)
Vulmon